Vulnerabilities > Apache

DATE | CVE | VULNERABILITY TITLE
  Description
  Risk: attack vector, attack complexity, vendor, CWE, severity (where given), CVSS score

2023-04-17 | CVE-2023-22946 | Improper Privilege Management vulnerability in Apache Spark
  In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges.
  Risk: network, low complexity, apache, CWE-269, critical, 9.9

2023-04-17 | CVE-2023-30771 | Incorrect Authorization vulnerability in Apache Iotdb web Workbench 0.13.3
  Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component on 0.13.3.
  Risk: network, low complexity, apache, CWE-863, critical, 9.8

2023-04-17 | CVE-2023-24831 | Improper Authentication vulnerability in Apache Iotdb 0.13.0/0.13.1/0.13.2
  Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3. Attackers could log in without authorization.
  Risk: network, low complexity, apache, CWE-287, critical, 9.8

2023-04-14 | CVE-2022-47501 | Path Traversal vulnerability in Apache Ofbiz
  Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin.
  Risk: network, low complexity, apache, CWE-22, 7.5

2023-04-13 | CVE-2022-45064 | Cross-site Scripting vulnerability in Apache Sling
  The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in a generic type of include-based cross-site scripting issue at the Apache Sling level.
  Risk: network, low complexity, apache, CWE-79, critical, 9.0

2023-04-07 | CVE-2023-28707 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Drill
  Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2.
  Risk: network, low complexity, apache, CWE-20, 7.5

2023-04-07 | CVE-2023-28710 | Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Spark
  Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.
  Risk: network, low complexity, apache, CWE-20, 7.5

2023-03-30 | CVE-2023-28935 | Command Injection vulnerability in Apache Unstructured Information Management Architecture
  ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. When using the "Distributed UIMA Cluster Computing" (DUCC) module of Apache UIMA, an authenticated user that has the permissions to modify core entities can cause command execution as the system user that runs the web process. As the "Distributed UIMA Cluster Computing" module for UIMA is retired, we do not plan to release a fix for this issue. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
  Risk: network, low complexity, apache, CWE-77, 8.8

2023-03-28 | CVE-2023-28326 | Missing Authentication for Critical Function vulnerability in Apache Openmeetings
  Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0. Description: An attacker can elevate their privileges in any room.
  Risk: network, low complexity, apache, CWE-306, critical, 9.8

2023-03-28 | CVE-2023-25195 | Server-Side Request Forgery (SSRF) vulnerability in Apache Fineract
  Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to the server and may be able to use the server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.
  Risk: network, low complexity, apache, CWE-918, 8.1